Open for Voting

Update certificates to 2048 from 1024.

I am getting this finding by my security team in regards to communication between pollers and agent monitored systems

"Plugin Output:
The following certificates were part of the certificate chain
sent by the remote host, but contain RSA keys that are considered
to be weak :
|-Subject        : CN=SolarWinds-Orion
|-RSA Key Length : 1024 bits"

Solution they request
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.

  • You may be using an older version of Orion that is still using 1024 bits. We have 1024 bits but that is used by WPM. I am hoping this will be resolved soon.

    |-Subject : CN=SolarWinds-SEUM_PlaybackAgent
    |-Signature Algorithm : SHA-1 With RSA Encryption

  • Is this for the SolarWinds Orion polling engine?  My key is showing 2048 bits.

    This is for Orion Platform 2020.2.6 HF1.  If you want to regenerate with a 2048 RSA key, it looks like you can just export the certificate, delete it from the store and re-run the configuration wizard. (For confirmation, contact support before you try this because the article appears to read one of two ways).


    This second link seems to indicate that the larger certificate was enabled in Orion Platform 2017.1.

    FYI: My above certificate was generated on 2021-03-04 19:19:42.660 for Orion Platform 2020.2.